IoT Security Best Practices Begin at Your Home
With the advent of the Internet of Things (IoT), the world is going through huge transformations. There are plenty of applications where IoT can prove its potential. The list includes almost every sector such as retail, transport, factories, and healthcare as well. IoT has provided a wide range of opportunities to the growing businesses to enjoy more efficient, cost-effective, and innovative operations.
The major impact of IoT can be seen in the smart home application as it has changed the way we used to live our life.
However, the biggest trouble associated with the wide adoption of IoT is a higher risk of cybercrime. As per this study carried by New Stanford University, North America is having the highest range of IoT enabled home appliances these days. It has become the major platform for the attackers to hijack all the connected devices.
A research was carried on more than 83 million IoT devices connected within 16 million IoT enabled homes worldwide, and the stats reveal that 66% of North American homes have at least one IoT enabled device at their home. That is 40% of the global population. It can be anything ranging from smart TVs, routers, door locks, smart windows, security alarms, CCV, to refrigerators as well.
Although these devices and gadgets are designed to ease your lifestyle, many of them are posing serious security threats as well. One of the prime issues highlighted in the research is that most of the home devices make use of old protocols for communication such as Telnet and FTP. They are not able to encrypt login credentials.
One more major problem with the IoT enabled routers and devices is that owners rarely change default passwords. Research reveals that almost 88% of the FTP logins involve “Admin” as the username along with weak passwords. 36% of such weak connections belong to Telnet logins. Hence, the attackers can easily access the home IoT devices from remote locations.
The problem doesn’t limit to how vulnerable IoT devices are due to their week password and old protocols. Many harmful attacks are performed through software vulnerabilities, and they can cause huge harm. If we talk about the stats obtained from the current year, around 2 million smart doorbells, baby monitors and IP security cameras were hijacked by attackers.
IoT devices are easily vulnerable to software-based attacks because the manufacturers rarely care about updating security patches from time to time. Even if the manufacturers update them on time, many of the users are not aware of how to apply them. These types of security vulnerabilities are more common in the IoT world because developers keep on sharing various components, without working on adequate security measures.
Dealing with the cyber-attacks
The first most question everyone needs to ask is what kind of benefits hackers can have from these attacks. There are plenty of things that can be added to the list:
- The use of default, easy to crack security passwords, and lack of trustworthy encryption protocols leads to the easy hijack of smart home devices. In most of the cases, attacks are interested in doing physical harm to the systems. It can be to monitor the property via their own CCTV feed or unlocking the main entry door when no one is at home.
- Another common but most dangerous form of IoT attack is hijacking devices by simply cracking their passwords and then conscripting them to the botnet. Such compromised and insecure IoT devices can be further used to launch harmful DDoS attacks against potential businesses. They may even try to mine for cryptocurrencies, execute dangerous phishing campaigns, or infect connected computers with sophisticated malware. Another not so common DDoS attack that can be executed from compromised IoT devices is interrupting the normal processing of major websites online.
- Some researchers also reported that hackers are targeting enterprise networks via smart speaker vulnerabilities.
- One more common target point for hackers is routers used in smart homes. It can easily provide access to the important passwords of various corporate accounts that are frequently accessed from home.
The good news for smart home residents
Most of the security-related challenges are associated with poorly designed devices. It is just because most of the brands that are stepping into the smart home industry do not have adequate knowledge and experience to produce IT kits. At the same time, they do not have reliable security patches to deal with software vulnerabilities. Also, they do not prompt users to update credentials, especially passwords from time to time.
In order to fix these issues, government authorities these days are taking serious measures. As per the stats, although there are 14000 manufacturers in the IoT industry worldwide, 94% of the IoT gadgets are designed by top 100 vendors only. Hence, lawmakers can easily put pressure on those brands to follow stronger security measures as prescribed by UK legislation.
Note that, legislations usually take time to pass, till then, homeowners and security leaders in the IT industry need to take adequate steps for security.
There are very few things that IT leaders can do to deal with the threats associated with IoT devices that are conscripted through a botnet. But the most important thing they can do at present is educating the homeowners to mitigate security risks while using a variety of IoT gadgets. It is better to design a security checklist that can help corporates networks stay protected from hacker attacks.
The safety checklist must include:
- Using strong and tough to crack passwords for IoT devices.
- Downloading apps and software through official stores only.
- Prefer two-factor authentication for all logins wherever possible.
- Ensure protection to mobile devices via AV.
- Keep checking the firmware updates time to time and apply them ASAP.
- Prefer using WPA2 on all home routers to ensure encrypted connection for Wi-Fi.
- Use VPNs for corporate network logins.
- Disable all remote management features, including UPnP.
- Set up a unique guest network for the IoT devices connected within the premises, it can prevent hacker attacks.